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mu nrrFRMi\\ii<A 5 » 

t \ a d i m -a v c \ Nv-'? nn u ; x h o* st wh s ; 


PI A is required by the E-Government Ac?, 

PI. A b to be completed ?ts a matter of EBI/BGJ discretion. 

\ h s . Oj >(> .. ’ b! * <>\ t K ' -Go 'Ptb <-o x. '-i 


Y Pi A is no? required tor the fbhovvmg reas-wts): 

As a ' hoes 'o collect* rnalntaby or disseminate PIT 

Ms* \*!i\? ?!?-.>_? l'K'\ P .. v\ V 1 ~ G * v *. -V ■>"<<(? ' * sOS^CS ' 

.‘ si i o < the system relates to interna} government operations. 

System has been previously assessed under an evaluation similar to a PiA. 
fy... No sign;near;? privacy issues (or privacy issues are unchanged). 

Other : desert hey 


\ " \aHv SOK\,. . 


I sT’ :: 


Notify FBI KMD-RTBS per MUX} 190.2.3? .fy.fyo .YesMee sample EC on PCLC mtrane? website here: 

;ntp:/dKnne/DOYX}Cd..TB / PC}.ij/Pr;vaeyCiv!;%20Libe;tiesO:2bLibntryAbnri JbrjniogUXM.dfyev.svpd 


SGRN/SORN revisionist} required? ffyfNo 


Yes (indicate revisions needed}: 


Prepore/revisemdd Privacv Act(e}i3} statements for related forma? 

AC A i AiYhAbff }Ac?AnmYtmA.Yf ""P-G 


RECORDS. The program should consult with RAID to idemify/resobe any Federal recontb/eieetroub records issues. 
The system may contain Federal records whether or not it contains Privacy Ac? requests asm. in arty event, a records 
schedule approved by the National Archives and Records Adtumbtratio?) b necessary. HMD can provide advice on this 

w o* r'p w xx .xnr*nniix t v>nr R*- o o\. rr v c -m u t ' _ s < u cws rv one 

Other:.* . 


A.;b* AP? h YbDepury General Counsel : 
FBI Privacy and Civil Liberties Gfficer 


Signature: 
Date Signed: 
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L INFORMATION ABOUT THE SYSTEM / PROJECT 


.1, Provide a geoeml description of the system or project that includes: (a) name of 
the systwUproject, indudiug associated acronyms; (b) structure of the 
system/project, Including iatemm.»ecfhms with other projects or systems; tel 
purpose of the svstem/preject? (d) nature of the Infornratkm in the system/prujeet 
aad how ii will he used: (e) who will have access to the mformatioo to the 
wshsr pf okv>, it ^d tlw tnaonu »d tratt\mwMou l<» dl is^r, 

^Service (EDS): {bl EDS is deployed on PBlNet and connects to the following systems; 
h'ifrasfrueiure. EDS consists of|___ I 


| -ci I"K's me" u com nwerm vC' v are up m l„ fc, vhm mew 

„ ) >, 0 ,S » i'- Hh .V Hl"\vh ' i.v'- us a ^ V, W v I.. UM Cv '>1. 

user identify attributes required to make access control and basic workflow decisions; (d) 
EDS Is a directory service that, contains selected identity and access control avoid ales of 
FBI employees, contractors, detailees and miegrees; (e) EDS diems induce: application 
systems. FBlNct users, and administrative clients fdirectory administrator and application 
spec ific delegated administrators); (f) Cli ents {application systems nr users) interact, with 
BDS l I EDS will return the attributes to its clients 

based on directory queries. 


2. Does the systern/project collect, maintain, or disseminate any information about 
rh •, mo i\uv' v ; f ' if , vmfo'worai 

V > Bo atm'' m ^ ° \ v, 'v s plctr nl mice fodsfoo wowfos 
should he submitted to FBI ODC/FCLU far fund' FBI approve!.. Unless you ore 

' x w W O \v ' ' a V S , s S 

X YES [If yes, please continue*! 

X Please indicate if any of the to linos eg characteristics apply to die Information in the 
system about individuals: Bear in mind that fog-on information may identify nr 
linkable to so individual 
tCheck ah that apply.) 

_X,_ The information directly identities specific individuals. 

The information is intended to be used, in conjunction with other data elements, 
to indirectly identify specific individuals. 

.X. The information can be used to distinguish or trace an individuals identity U.e„ it 

Is linked or linkable to specific individuals). 
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If you market! any of She above, proceed to Question: 4. 

None of the above. If none of the above., describe why the information does not 
.identify specific individuals either directiy or indirectly, [If you cheeked this Item, 
STOP here oiler providing the .requested description,! 

4. > - n \ ^ -v t i os wyv i o o r i c *, o rod w ► 

consultants? 

.NO .X.YES 


5. Is Information about United States citizens or lawfully admitted permanent resident 
aliens retrieved from the systemmroieet by name or other personal identifier 0 

.X.NO. [If no, skip to question ?.| 

.YES. [if yes, proceed to the next question.) 

O l\,s K l ‘ J w m i it ll L ' , ' 1!V -> O Ik 

subject of the information? 

NO [If no, proceed to question 7.) 

.YES 


a. Does the system/project support criminal C.T, or FCI investigations or 
assessments? 

NO 

.YES | if yes, proceed to question 7J 


b. Are subjects of information .from whom the information is directly collected 
provided a written Privacy Act (mfo) statement (either on the collection form or via a 

.NO [The program will aeed in work with fCLU to develop/lmpfement 

the necessary lormispj 

.YES Identify any forms, paper or electronic, used in request such 

Information front the informutkm subject: 
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7.. Are Social See only Numbers {SSNs) collected. maintained or disseminated from the 
systeuPprojea? Full SSNs should only be used as identifiers in limited instances, 

NO X YES If yes, cheek all that apply: 

t >. s ^ 1 <■ _ ) y < ) IN ^ loku ua ' Net , ^ \N 

| [ EDS will not 

d isplay and return the SSAN user attribute unless the client is explicitly authorised to sec 

h i ' | T!:C b7E 

authormadon must first be approved by DAA. 

SSNs are necessary to establish/cordsrm the identity of subjects, victims, 
svanos-nw -r sources m do- km e-vvreemem e~ hmYks mv ,u usm 


sy N - ,uo t> v,e ; uh '' <0 e'v „ am s i „ u 

nemmlsundve system. 

\ wV , o ay v oat '<■ (<s . . tcaso,w Iksc'Hhin ^ s'- ate , >s.d a . \m 

v 1 , ^ . S ' > »Oi>. 

.X.The system To beet provides special protection to SSNs (e,g., SSNs are 

encrypted, hidden from all users via a fook-np table, or only available to certain 
users: Describes! I b7E 

I I SSNs are only viewable to 

s>stem adroit:istrators. 

>' w a v Oa\d\c f a b e y-vem pm-e ,..* 1 gnome pasoi ,m to 

SSNs FXpiaiiK 

S. Is the system operated by a contractor? 

_No. 

... X.Yes. Information systems operated by contractors tor the FBI may be 

considered Privacy Act systems of records. The Federal Acquisition Regulation 
contains standard contract clauses that must be included m die event the system 
collects, maintains or disseminates PH and additional requirements may he 
r vn .u,n maum d \ r, ,e lUuoy ^ ut- " * U 

fo f ^ urn. ^ „ \ t t v mu K tee, „cd \> uaetm - go .ir e >„ 

\>-ss. motdnclih 

9. lias the system undergone Cerht'ication At: Accreditation (C&.A) by the FBI 
Security Division (SecDf? 

.No If no, indicate reason? if CNN A is pending, provide anticipated 
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completion date; 

X MX Il>pk-aM?nuikrak' she Ioil<n*mg, if k»»»w m 

Provide date of lost €&A eertitleatieo/re-eerii!le^de.o: 
*12/24/2818 

<litu5i1detvthd.iiyj l.,ow M ode rote ,.X Jilgh Podefiaed 
Integrity- Low_Moderate _XJi%h_I.Xulettned 

ArmmiUy i .Low _. Modersl* _X. J tigfc _ pBdetloed 
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10 . 


is this system/projecl the subject of an OMB--30C badges. sulmission/ 

.X HO 

V'BS if yes, please provide the date and name or 
title of the 0MB submission: 

1. Does the system conduct data mining as defined hi Section 804 ot the 

Implementing Recommendations of the 9/11 Commission Act of 2007, PX. 1 J0~ 
53 tcoddied at 42 I'SC dOOdee-Y s? 

.X NO 


YES If yes, please describe the data mining function: 

12. Is this a national security system (as determined by the Seep)? 

.X NO ........ YES 

13. S tat us o f 3 y stem/ P roj cot; 

This is a neve system/ project in development. (If yon checked this block, 

\ \ Xx " \ V. S.SS V ^ x \ V v V 

submitted to FBI OGC/FCL!/ for final FIB approval and determination If 
hi A an d/or other actions are required.] 


IL EXISTING SYSTEMS / FROJECTS 

1, a x ■< ' v -s'- ' p o w \o <\ i Psv 'u j < n ! 

2, IP ^ o 1 * * k \t i v U v ' .. t ' t ! 

X_ HO ill no, proceed to next question (113),] See response to question 0.1 


YES If yes. Indicate Milch of the flowing changes were involved (mark ah 
changes that apply, and pro vide brief explanation far each marked change) : 

A conversion from paper-based, records to an electros tic system. 

\vVin w , os 'hi 5 o x an w as cm s •* >. toi 
Identifiable to a format that is identifiable to particular individuals. 

A new use of an IT sysieni/prokct including application of a new 
! i * s 1 i •. t t w a w s i < v v. a 
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(For example, a change that would create a mote open environment and/or 
avenue for exposure of data that previously did not exist. 5 

A change that, results in information in idem; harde font; being 
.merged, centrali zed, or -Batched with other databases. 

A new method of a tuber; uca dug the use of and access to 
d nation tiden i e -form h me w s fthe .tblk 

A systematic incorporation of databases of iniornratioit in 
identifiable form purchased or obtained from commercial or public sources. 

A new interagency use or shared agency function that results in 
' a w u \s. .or! d« on * «. i A. in sk , n 

A change that results in a new use or disclosure of irbormaiion in 
idem!liable form. 

A change that results in new items of Information in identifiable 
form being added into the system/pro]cat. 

Changes do not involve a change in the type of records maintained, 
,oo mo <. w,\ - w> ’C >" giSmXl 4 we m " ‘ \ % I 01 , to t'C ~ 

dissemination of information front the aystentforuject. 

Other | Provide brief expteatkmj: 
if .Vs'',- P ^ fro thi\ v- O m m ves a'emsds e\o t 
X.NO .YES 

See EDS PTA dated 9/29/07. 

ft vest 

a. Provide drde/fiifr of the PI A: 

b. Has the system/project undergone any significant changes since the PI.-V? 

.NO .YES 

fl'be PTA is now complete and after division approvalfs) should be submitted to 
FBI dot Eli .far dual F SI approval and determination If Pi \ and/or other 
actions are rotjalred,] 
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{OGC/PCLUpev, 04/01^2011) 


FBI PRIVACY THRESHOLD ANALYSIS (PTA) 

NAME OF SYSTEM / PROJECT: Enterprise Process Automation System (EPAS) 


BIKR FBI Unique Asset ID: SVS00Q0139 


Derived Front: 

SYSTEM/PROJECT POC 

FBI OGC/PCLUPOG 

Classified Bvs 

Name:[ ” "H 

Name: 



Besses; 

Program Office: RPO 

Phone; 



Peekvsif* Os: 

Division: RPO 

Room Number: 7350 


Phone! 1 




Room Number: 6343 




FBI DIVISION I NTERMEDIATE APPROVALS 



Program Manager (or other appropriate 
executive as Division determines! 

Division Privacy Officer 

Program Division: 

Signature: I 1 

Signature: 


Date signed: B/ik'.Ci, ■ 

Date signed: 


Name: | | 

Name: 


Title: MAH' /TldCP 

Title: 

FBIHQ Division: 

Signatur@7p£^/v ' 

j Signature: 

Resource Planning 

Date signed: 

j Date signed: 

Office 

Name: Dave SchSendorf 

| Name: Add info here 


Title; Assistant Director 

Title: 


Aft*r fell division Approvals, forward signed hard ropy piss sleetrenie espy to I HI 0GC 'PC i 5 
(JEt* 735(1). 

' ' ' v' ' C V V v. V S \ u 1 S *. V V \ O S ^ J ■$ OS s ■* K * < * 4 x t '' 

>. '\ ' N. ^ O ' '.o. 
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FIN AL FBI APPROVAL / DETERMINATIONS / CONDITIONS: [This section will be completed by the FBI 
PCI U ' PCl O t oHowitm P f'A submission. The PTA drafter should skip to the next page and continue.] . 


_ PI A is required by the E-Government Act. 

_ PIA is to be completed as a matter of P8J/DOJ discretion. 

Is P1A to be pa Wished on FBI .GOV (after any RMD POIA redactions)?_Yes. No (ind icate reason): 


X, Pi A is not required for the following reason(s): 

_System does not collect, maintain, or disseminate PH. 

_System is grandfathered (in existence before 4/17/2003; no later changes posing significant privacy risks), 

_Information in the system relates to internal government operations. 

System has been previously assessed under an evaluation similar to a PI A. 

X No significant privacy issues (or privacy issues are unchanged), (tpytaMi- fU 

Other (descri be): ^ 


Applicable SOR.N(s): 


Notify FBI RMD/RIDS per MIOG 190.2.3? _No _.Yes-See sample EC on PCLU intranet website here: 

http://home/DO/OGC7LTB/PCLU/Privacj'Civii%20Liberties%20ybrary/fbnn fbr m miog 190-2-3 ec.wpd 


SORN/SORN revision(s) required? &N o Yes (indicate revisions needed): 

'P^i^fovise^dd'Privacy Act (e)(3> statements for related forms? _No. _Yes (indicate forms affected): 

_ _ ____________ _ 

“RECORDS. The program should consult with RMD to identify/resolve any Federal records/electronic records issues. 
The system may contain Federal records whether or not it contains Privacy Act requests and, in any event, a records 
schedule approved by the National Archives and Records Administration is necessary. RMD can provide advice on this 
as well as on compliance with requirements for Electronic Recordkeeping Certification and any necessary updates. 
Other: 


4 - 


Elizabeth Withneil 

Acting Deputy General Counsel 

FBI Privacy and Civil Liberties Officer 


Signature: 
Date Signed: 


?// h' 

9 /(ahz. 


epic.org 


14-06-04-FBI-FOIA-20150417-5th-Production 


EPIC-1378 



























L INFORMATION ABOUT THE SYSTEM / PROJECT 


L Provide a genera] description of the system or project that includes: (a) name of 
the system/project, including associated acronyms; (b) structure of the 
system/project, including interconnections with other projects or systems; (c) 
purpose of the system/project; (d) nature of the information in the system/project 
and how it wit! be used; (e) who will have access to the information in the 
system/project; (f) and the manner of transmission to all users. 

The Enterprise Process Automation System (EPAS) implements a workflow 
system on the FBINBT to serve as a standard for automated business processes. As pad 
of a major initiative by the Director’s Office, the Resource Planning Office (RPO), 

Business Process Management Unit (BPMU), which is the EPAS system owner, was 
tasked with deploying the EPAS project to host automated business processes as they are 
developed and deployed by both the RPO and other Divisions. 

The EPAS Privacy Impact Assessment, dated July 15,2011, covers forms 
currently in EPAS and any additional forms that support FBFs administrative operations, 
including the management of its human resources and payroll functions, hiring, 
requisition processing, and security. The Privacy and Civil Liberties Officer for the FBI 
requires a PTA on other workflows that may he added to EPAS. 

RPO is requesting approval to launch the following four new processes in EPAS, 

Access to each will be limited to those with a need to know. 

1. Continued Service Agreements (CSA) - CS A will automate the request and 
approval of the service agreements required for various incentives and training, 
such as recruitment, retention, and student loan reimbursement. CS A collects 
personal information and position and performance data for employees who are 
applying to receive one of these incentives. This includes the following PI I: 
name, SSN, 1 PAR ratings, position title, EOD, student loan documentation 
(lender, account number, amount owed), justification for receipt of incentive 
payment, and amount owed to the FBI. 

2. Security .Incident Reporting System (SIRS) ~ The software that operates the 
SIRS system is being replaced with a new prod uct. The SIRS process allows 

Bureau personnel to submit reports of incidents | | b 7 E 

| | SIRS will contain PH similar to other 

EPAS processes (name, SSN, phone number, login ID, file number, etc). 

3. Invoice Management System (IMS) - IMS Is replacing the stand-alone 

CPUIMS system for processing of commerci al invoices. The Financial 
Management System (FMS) uses SSN as thel I b7E 


* SSFis are required for disbursement of payments from the National Finance Center. 
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b7E 


~| howev er, users [ 


c 


program managers to]~ 


]wi!l have access to these SSNs. 
1 wi.11 allow Bureau 


| Most data s ubmitted through this process will be 
program based. The only PII contained i nj I will be system audit 
information, such as names of individuals 


2. Does the system/project collect, maintain, or disseminate any information about 
individuals (i.e., a human being or natural person, regardless of nationality)? 

_NO [IT no, STOP, The FT A is m w complete and after division approval^) 

should he submitted to FBI OGC/PCLU for final FBI approval Bates* you are 
otherwise advised, no PIA fa retpimi] 

X YES [If yes, please continue,] 

3 , Please indicate i f any of the following chafacteristics app ly to the information in the 
system about individuals: Bear in mind that log-on information may identify or be 
linkable to an individual. 

(Check all that apply.) 

__ x The information directly identifies specific individuals. 

..x The information is intended to be used, in conj unction with other data 

elements, to indirectly identify specific individuals. 

_x_ The information can be used to distinguish or trace an individual’s identity 

(i.e., it is linked or linkable to specific individuals). 

If you marked any of the above, proceed to Question 4. 

None of the above. If none of the above, describe why the information does not 
identify specific individuals either directly or indirectly. [If you checked this Item, 
STOP here after providing the requested description,] 

4. Does the system/project pertain only to government employees, contractors, or 
consultants? 


x NO ..YES 


b7E 
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5. Is information about United States citizens or lawfully admitted permanent resident 
aliens retrieved from the systera/projeei byname or oilier personal identifier? 

_ NO. [If no, skip to question 7*] 

x YES. [If yes, proceed to the next question.| 

6. Does the system/project collect any information directly from the person who is the 
subject of the information? 

____ NO [If no, proceed to question 7.J 

_x.YES 


a. Does the system/project support criminal, GT, or FCI investigations or 
assessments? 

_*_NO 

_YES [If yes, proceed to question 7.J 

b. Are subjects of information from whom the information is directly collected 
provided a written Privacy Act (e)(3) statement (either on the collection form or via a 
separate notice)? 

_NO [The program will need to work with PCLU to develop/implement 

the necessary" form(s).] 

x __ YES Identify any forms, paper or electronic, used to request such 
information from the information subject: 

- Non-Bureau personnel who have information in EPAS (as part of the Staffing 
process or Clearance Processing System), are notified about the Privacy Act through the 
USAjobs posting through which they are applying and the e-QIP (SF-86) form they 
submit. 

- A Privacy Statement is displayed on the main screen of the user 
interface for Bureau, personnel who use foe system, 

7. Are Social Security Numbers (SSNs) collected, maintained or disseminated from the 
system/project? Pull SSNs should only be used as identifiers in limited instances. 

__ NO x_YES If yes, check all that apply: 
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__ SSNs are necessary to establish/confirm the identity of subjects, victims, 
witnesses or sources in this law enforcement or intelligence activity. 


_x_SSNs are necessary to identify FBI personnel in this internal 

administrative system. 

____ SSNs are important for other reasons. Describe: 

x The system/project provides special protection to SSNs (e.g., SSNs are 
encrypted, hidden from all users via a look-up table, or only available to certain 
users). Describe: The social security numbers are only displayed when 
necessary'. Since the system is role-based, only users with the appropriate roles 
can see pages with SSNs displayed. 

__ It is not feasible for the system/project to provide special protection to 
SSNs" Explain: 

8. Is the system operated by a contractor? 

x No. 

_Yes. Information systems operated by contractors for the FBI may be 

considered Pri vacy Act systems of records. The Federal Acquisition Regulation 
contains standard contract clauses that must be included in the event the system 
collects, maintains or disseminates PI1 and additional requirements may be 
imposed as a matter of Department of Justice policy. Consultations with the 
Office of the General Counsel may be required if a contractor is operating the 
system for the FBI. 

9. Has the system undergone Certification ^ Accreditation (C&A) by the FBI 
Security Division (SeeD)? 

_____ NO If no, indicate reason; if C&A is pending, provide anticipated 
completion date: 

x YES If yes, please Indicate the following, If known: 

Provide date of last €<&A certification/re-certification: 2/12/12 
EPAS has been moved onto the DAVE platform and thus falls 
under its C&A. EPAS was given an AFU on this platform on 2/12/12. 

Confidentiality:_Low_Moderate_High Undefined 

Integrity': Low_Moderate_High_Undefined 
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Availability: _Low_Moderate_High_Undefined 

__ Not applicable - tMs sys^ is only p^r-based. 

10. Does the system conduct data mining as defined in Section 804 of the 
Implementing Recommendations of the 9/11 Commission Act of 2007, P.L, i 10- 
53 (codified at 42 USC 2000ee-3)? 

_x.. NO 

__ YES If yes, please describe the data mining function: 

11. Is this a national security system (as determined by the SecD}? 

_x_NO _YES 

12. Status of System/Project: 

_This is a new systetn/ project in de\elopment. lit yon cheeked this block 

s TOP, The FT: \ is now complete and after div Mum appro* a HO should he 
submitted to FBI OGC'FCl.I for IMal EM approval and determindrien If 
FIA aodmr other actions arc required,] 


II. EXISTING SYSTEMS / PROJECTS 
L When was the system/project developed? 2007 

2. Has the system/project undergone any significant changes since Apri l 17.20037 
_NO [If no, proceed to next question (11.3),] 


x _Y ES If yes, indicate which of the following changes were involved (mark all 

changes that apply, and provide brief explanation for each marked change): 

_A conversion from paper-based records to an electronic system. 

A change from information in a format that is anonymous or non- 
identifiable to a format that is identifiable to particular individuals. 

_ x _A new use of an IT system/project, including appl ication of a new 

technology, that changes how information in identifiable form is managed. 
(For example, a change that would create a more open environment and/or 
avenue for exposure of data that previously did not exist.) 
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_ A change that results in information in identifiable form being 
merged, centralized, or matched with other databases. 

__ A new method of authenticating the use of and access to 
information in identifiable form by members of the publ ic. 

A systematic incorporation of databases of information in 
identifiable form purchased or obtained from commercial or public sources. 

_A new interagency use or shared agency function that results in 

new uses or exchanges of mformation in identifiable form. 

__ A change that results in a ne w use or disclosure of information in 
identifiable form. 

A change that results in new items of information in identifiable 
form being added into the system/project. 

Changes do not involve a change m the type of records maintained, 
the individuals on whom records are maintained, or the use or 
dissemination of information from the system/project. 

__ Other {Provide brief explanation]; 

3. Does a FIA for this system/project already exist? 

_NO x YES 

If ves: 


a. Provide date/title of thePIA: 7/13/2011 Enterprise Process Automation 
System 

b. Has the system/project undergone any significant changes since the PI A? 

NO jx_YES 

See Section I. 

1 The P! \ Is &m- complete and after bb Mon approynlO} should be snfofofted to 
1 Bt 1 HA' fif't 1 for final FBI oppror at and determination if PI \ and or otlur 
actions ore fef|miredL| 
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IJNf LASS1FIF8//F0R OFFICIAL USE ONLY 

(OGO/PCLU (Rev. 04/01/2011) 

FBI PRIVACY THRESHOLD ANALYSIS (PTA) 

NAME OF SYSTEM / PROJECT: | | b7E 


BIKE FBI imqrn Asset ffi; AMI .1A 



SYSTEM/PROJECT FOC 

FBI OGC7FCLU POC 


Name: SSA| ! 

Name: AGCl 1 

Reason: 

Program Office: ELSUR Technology Management Unit 

Phone: | j 

Declassify On: 

Division; Operational Technology Division 

Room Number: 7350 JEH 


Phone: | j 



Room Number: 1 AiD, ERF-E 



FBI DIVISION INTERMEDIATE APPROVALS 


Program Manager (or Oliver appropriate 
executive as Division determines)_ 


j Program Division:: 


Signature: 
Date signed: 
Name: 

Title: 


FBIHQ Division: 
Operational Technology 
Division 


Signature 
Date si gned: 
Name: [ 


U/DT / 7 “ 

Title: Unit Chief, ELSIJR Technology 


I Management Unit 


Division Privacy Officer 


Signature: 
Date signed: 
Name: 

Title: 


Sigitaluri 
Date signed : 
Name: SSA|_ 


"/'hie 


Title: Assistant Section Chief, Data 
Acquisition/Intercept Section 


After all division approvals, forward signed hard ropy pins electronic copy to FBI OGC/PCLU 
(JPH7350). 

(The FBI Privacy and Civil Liberties Officer’s determinations, conditions, and/or final approval will he 
recorded on the following page.) 
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FINAL FBI APP ROVAL / DETERMINATIONS / CONDITIONS: 


X PS A is required by the E-Government Act, Q 


1 A PI A should be prepared 


Toi l l eneompassing these applications. 

_____ PI A is to be completed as a matter of FBl/DOJ discretion. 

Is PIA to be published on FB1.GOV {after any RMD FOIA redactions)?_Yes. 


_ No (indicate reason): 


PIA is not required for the following reason(s): 

_ System does not collect, maintain, or disseminate PH. 

System is grandfathered (in existence before 4/17/2003; no later changes posing significant privacy risks). 
__ Information in the system relates to internal government operations. 

System has been previously assessed under an evaluation similar to a PIA. 

No significant privacy issues (or privacy issues are unchanged). 

__Other (describe): 


Anoiicable SORN(s)J [Electronic Surveillance (ELS UR) Indices 

system of recor ds. DQJ/FBI-006: the SOR.N for DQJ/FBI-006 was last published in full at 70 Fed, Reg. 7513, 7514 
(Feb. 14, 2005)1 [vithin the Central Records 

System (CRS), DOi/FBI-002; the SORN tor the CRS was last published m tuil at OJ red. Reg. 8659, 8671 (Feb. 20, 
1998). 

NotifyFBI RMD/RIDS per MfOG 190.2,3? X No __Yes-See sample EC on PCLU intranet website here: 

http:Ahome/DO/OGC/L'TB./PCLU/PrivacyCivU%20i,ibert:ies%20Library/form..for„miogi90-2-3_ec.wpd 

SORN/SORN revision(s) required? J<_ No Yes (indicate revisions needed): 


Prepare/revise/add Privacy Act (e)(3) statements for related forms? _No 

N/A 


Yes (indicate forms affected); 


RECORDS. The program should consult with RMD to identify resolve any Federal records/electronic records issues. 
The system may contain Federal records whether or not it contains Privacy Act requests arid, in any event, a records 
schedule approved by the National Archives and Records Administration is necessary. RMD can provide advice on this 
as well as on compliance with requirements for Electronic Recordkeeping Certification and any necessary updates._ 


wel l as 
Other: 


| [ Acting Unit Chief 

Privacy and Civil Liberties Unit 


Elizabeth Withneil, Acting Deputy General Counsel 
and FBI Privacy and Civil Liberties Officer_ 


Signature: 
Date Signed: 


Signature: r 
Date Signed: n 


4 ^ 2 - 


' i\ j v ,/K Q (' Y (fly 
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I. INFORMATION ABOUT THE SYSTEM / PROJECT 

1. Provide a general description of the system or project that includes: (a) name of the 
system/project, including associated acronyms; (h) structure of the system/project, 
including interconnections with other projects or systems; (c) purpose of the system/project; 
(d) nature of the information in the system/project and how it will be used; (e) w ho will 
have access to the information in the system/project; (f) and the manner of transmission to 
all users. 



account information, \yj 
information provided b; 


ration does not contain personally identifiab le informatio n except 
which indirectly identifiers an individual. I H d oes cam 

neh is collected for access and use audits. It also contains! 


b7E 


b7E 


b7E 


b7E 


b7E 
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2. Does the system/project collect, maintain, or disseminate any information about individuals 
(i.e., a human being or natural person, regardless of nationality)? 

NO (If no, STOP. The PTA is now complete and after division approval(s) should be 

submitted to FBI OGC/PCLU for final FBI approval. Unless you are otherwise advised, no PIA 
is required.] 

_ X YES [If yes, please continue,] 

3. Please indicate if any of the following characteristics apply to the information in the system 
about individuals: Bear in mind that log-on information may identify or be linkable to an 
individual. 

(Check all that apply.) 

The information dire ctly identifies specific individuals. 

_ The information is intended to be used, in conjunct ion with other data elements, to 

indirectly identify specific individuals. 

X The information can be used to distinguish or trace an individual’s identity (i.e., it is 
linked or linkable to specific individuals). 

I f you marked any of the above, proceed to Question 4. 

None of the above. If none of the above, describe why the information does not identify 
Specific individuals either directly or indirectly. [If you checked this item, STOP here after 
providing the requested description,] 

4. Does the system/project pertain only to government employees, contractors, or consultants? 

X NO _YES 

1 Is information about United States citizens or lawfully admitted permanent resident aliens 
retrieved from the system/project by name or other personal identifier? 

_ NO. [If no, skip to question 7,j 

X YES. [If yes, proceed to the next question.] 

6. Does the system/project collect any information directly from the person who is the 
subject of the information? 

X NO [If no, proceed to question 7.] 

__YES 

a, Does the system/project support criminal, CT, or FCI investigations or assessments? 
NO 
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_YES (I f yes, proceed to question 7.] 

b. Are subjects of information front whom (he information is directly collected provided a 
written Privacy Act (e)(3) statement (either on the collection form or via a separate notice)? 

NO (The program will need to work with FCLU to develop/implement 
the necessary forra(s).j 

___ YES Identify any forms, paper or electronic, used to request such 
information from the information subject: 

7. Are Soda! Security Numbers {SSNs) collected, maintained or disseminated from the 
system/project? Full SSNs should only be used as identifiers in limited instances. 

X NO _ _ YES If yes, check all that apply: 

__ SSNs are necessary to establish/confirm the identity of subjects, victims, witnesses 
or sources in this law enforcement of intelligence activity. 

_ SSNs are necessary to identify FBI personnel in this internal administrative system. 

SSNs are important for other reasons. Describe: 

__ The system/project provides special protection to SSNs (e.g., SSNs are encrypted, 
hidden from all users via a look-up table, or only available to certain users). Describe: 

_It is not feasible for the system/project to provide special protection to SSNs. 

Explain: 

8. Is the system operated by a contractor? 

X No. 

_ Yes. Information systems operated by contractors for the FBI may be considered 

Privacy Act systems of records. The Federal Acquisition Regulation contains standard 
contract clauses that must be included in the event the system collects, maintains or 
disseminates Pll and additional requirements may be imposed as a matter of Department 
of Justice policy, Consultations with the Office of the General Counsel may be required if 
a contractor is operating the system for the FBI. 

9. Has the system undergone Certification & Accreditation (C&A) by the FBI Security 
Division (SecD)? 

__ NO If no, indicate reason; if C&A is pending, provide anticipated 

completion date: 

X YES if yes, please indicate the following, if known: 

Provide date of last C&A certification/re-certification: 
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and accredited on August 31,20 1 0, as part of the | | b7E 

and has Authority to Operate (ATO) through August 31,2013. 


Confidentiality': 

_ Low 

_Moderate 

X High 

_Undefined 

Integrity': 

X Low 

_Moderate 

_High 

_Undefined 

Availability: 

X Low 

_Moderate 

_JIigh 

_Undefined 


10. Does the system conduct data mining as defined in Section 804 of the Implementing 
Recommendations of the 9/11 Commission Act of 2007, P.L. 110-53 (codified at 42 bSC 
2000ee-3)? 

X NO 

YES If yes, please describe the data mining function: 

11. Is this a national security system (as determined bv the SecD)? 

,M. ; . NO _YES 

12. Status of System/ Project: 

__ This is a new system/project in development [If you checked this block, STOP. 
The PTA is now complete and after division approval(s) should be submitted to FBI 
OGC/PCLU for final FBI approval and determination if PI A and/or other actions 
are required,] 

II. EXISTING SYSTEMS / PROJECTS 

1. When was the system/project developed? I I was completed and deployed in August 

2010 . 

2. Has the system/project undergone any significant changes since April 17, 2003? 

_____ NO [If no, proceed to next question (11.3).] 

X YES If yes, indicate which of the following changes were involved (mark all changes 
that apply, and provide brief explanation for each marked change): 

A conversion from paper-based records to an electronic system. 

A change from information in a format that is anonymous or non- 
identifiable to a format that is identifiable to particular individuals. 

_ A new use of an IT system/project, including application of a new 
technology, that changes how information in identifiable form is managed. (For 
example, a change that would create a more open environment and/or avenue for 
exposure of data that previously did not exist.) 

I'NCLASS^TOSTO^JSjEONLY 
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A change that results in information in identifiable form being merged, 
centralized, or matched with other databases. 

A new method of authenticating the use of and access to information in 
identifiable form by members of the public. 

A systematic incorporation of databases of information in identifiable 
form purchased or obtained from commercial or public sources. 

_ A new interagency use or shared agency function that results in new uses 

or exchanges of information in identifiable form. 

_ A change that results In a new use or disclosure of information in 

identifiable form. 


__ A change that results in new items of information in identifiable form 
being added into the system/project. 

X Changes do not involve a change in the type of records maintained, the 
individuals on whom records are maintained, or the use or dissemination of 
information from the system/project. 


X Other [Pr ovide brief exnlanationlif 
previously naroed | 
in 2010, This application | 


^by FBI personnel. 


[a pplication was 
pvhen it was developed 

~|Thc application replaced the 


3. Does a PIA for this system/project already exist? 


X NO __ YES 


b7E 


If yes: 

a. Provide date/title of the PIA: 

b. Has the system/project undergone any significant changes since the PIA? 

_NO _YES 

{The FT A is now complete and after division approvals) should be submitted to FBI 
OCX7PCLU for final FBI approval and determination if PIA and/or other actions arc 
required.] 
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(OGC/PCLU (Rev. 04/01/2011) 


FBI PRIVACY THRESHOLD ANALYSIS (PTA) 

NAME OF SYSTEM / PROJECT: Facia! Analysis Comparison and Evaluation Services 


b6 

b7C 


BIKR FBI. Unique Asset II): „ 


Derived From: 
Ctorfmd By: 
Keasuux 
BeeM.mly CM: 


SYST EM/PROJEC T POC 
N ame | ~~j 

Program Office: Biometric Sendees 

Divisi on: CHS _ 

Phone J I 

Room Number: Dl__ 


FBI OGC/PCLU POC 
Name: 


Room Number: €3 


FBI DIVISION INTERMEDIATE APPROVALS 



Program Manager (or other appropriate 
executive as Division determines) U. t 

Division Pr 

vacy Officer 

Program Division: 

Signature: AM "* 

Date signed': g 

Name: Kimberly j, Pel Greco 

Title: Section Chief 

Signature: 


Date signet 

: •<*?*■**«-■_ 


Name:| 1 


Title: 

FBIHQ Division: 

Signature: 

Date signed: 

Name: 

Title: 

Signature: 

Date signed: 

Name: 

Title: 


FINAL FBI APPROVAL / DETERMINATIONS / CONDITIONS: 


_xx_ P3A is required by the E-Govemment Act 

_P1A is to be completed as a matter of FBl/DOJ discretion. 

Is Pi A to be published on FB1.GOV (after any RMD FOIA redactions)?_Yes. _No : 


PIA is not required for the following reason(s): 

System does not collect, maintain, or disseminate Pit 

~ System is grandfathered (in existence before 4/17/2003; no later changes posing significant privacy risks). 
^ Information in the system relates to internal government operations, 

"" System lias been previously assessed under an evaluation similar to a PIA. 

_No significant privacy issues (or privacy issues are unchanged), 

_Other: 
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Applicable SORN(s): _.FIRS.__........—....-...-. 

Notify FBI RMD/RIDS per MIOG 190.2.3? _No _xx_ Yes-See sample EC on PCUJ intranet website here: 

http://itome/DG>/OGC/LTB/PCLU/PrivacyCivil%20Liberties%20Library/form_for_tnk>g190-2'3_ec.wpd 

SORN/SORN revision(s) required?_No xx__Yes: 


Prepare/revise/add Privacy Act (eX3) statements for related forms?_No 

N/A 


RECORDS. The program should consult with RMD to identifv/resolve any Federal records/electronic records issues. 
The svstem may contain Federal records whether or not it contains Privacy Act requests and. in any event, a records 
schedule approved by the National Archives and Records Administration is necessary. RMD can provide advice on this 

as well as on compl iance wi th requirements for Electronic Recordkeeping Certification and any n gggssa ^ JEdatg^- 

Other: 


| ”jUnit Chief 

Privacy and Civ il Liberties Unit 


Signature: 
Date Signed: 


Acting Deputy General Counsel 
FBf Privacy and Civil Liberties Officer 


Signature: 
Date Signed: 
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I. INFORMATION ABOUT THE SYSTEM / PROJECT 

I. provide a general description of the system or project that includes: (a) name of 
the system/proj ect, Including associated acronyms; (fe) structure of the 
■ system/projeet, including interconnections with other projects or systems; (c) 

■purpose of the systcm/projeet; (d) nature of the information in the system/proj ect 
and how it will be used; (e) who will have access to the information in the 
system/project; (f) and the manner of transmission to all users. 

The Facial Analysis Comparison and Evaluation (FACE) Services Unit of the F Bl’s 
Criminal Justice Information Services (CHS) Division, Biometric Services Section (BSS), 
provides investigative support to FBI Special Agents, analysts, and other authorized 
personnel, The FACE Services Unit accepts unclassified photographs of subjects of FBI 
investigations (probe- photos) and uses facial recognition technology to compare those 
photos against FBI databases, other federal photo databases to which the FBI legally has 
access, and photo Repositories from states that have entered into agreements with the FBI 
to share data. After comparison and evaluation, the FACE Services Unit returns to the 
FBI ease agent or analyst candidate photos that are likely matches to the probe photo, 
with the caveat that candidate photos may serve only as investigative leads and do not 
constitute positive identification. 

The FACE Sendees Unit will compare the probe photos against, certain federal systems 
r | and will enter Memoranda of b7E 

Understanding (MOU) as needed to ensure data security and privacy. The FACE 
Services Unit also will provide the probe photos to state Departments of Motor Vehicles 
(DMVs) to be searched against photo repositories where permitted by state law. In these 
instances, authorized state personnel will perform the probe photo comparisons and 
return candidate photos to the FACE Services Unit. The FACE Services Unit will enter 
MOU with the DMVs to ensure data security and privacy, including the mandatory 
destruction of the probe photos by the state DMVs after facial comparison is completed. 

If the FACE Services Unit identifies or receives candidate photos based on the searching 
of the federal and state databases, it will perform additional evaluation in order to 
determine the most likely eandidate(s) for return to the FBI case agent or analyst. The 
Face Services Unit will store these most likely candidates and limited biographic 
information in the FACE Services Work Log. The Work Log will also contain the 
request for assistance originally received from the FBI case agent or analyst. All 
remaining candidate photos and any associated information will be immediately and 
permanently destroyed. 

Access to the Work Log will be limited to the FACE Services Unit and other authorized 
FBI personnel who require the information for performance of their official duties. 1 he 
Work Log records will be retained in adherence to a determined National Archi ve and 
Records Administration schedule. 
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2. Does the system/project collect, maintain, or disseminate any information about 
individuals (i.e., a human being or natural person, regardless of nationality )? 


_. NO 

_X_ YES [If yes, please continue.] 

3. Please indicate if any of the following characteristics apply to the information in the 
system about individuals: Bear in mind that log-on information may identify or be 
linkable to an individual. 

(Cheek all that apply.) 

The information directly identifies specific individuals. 

The information is intended to be used, in conjunction with other data elements, 
to indirectly identify specific individuals. 

X _ The information can be used to distinguish or trace an individuaPs identity (i.e., it 
is linked or linkable to specific individuals). 

If you marked any of the above, proceed to Question 4 

None of the above. If none of the above, describe why the information does not 
identity specific individuals either directly or indirectly. 

4. Does the sySfem/projeet pertain only to government employees, contractors, or 
consultants? 

X._NO _YES 


5. Is information about United States citizens or lawfully admitted permanent resident 
aliens retrieved from the system/project by name or other personal identifier? 

NO. [If no, skip to question 7.| 

X YES. [If yes, proceed to the next question.] 

6. Does the system/project collect any information directly from the person who is the 
subject of the information? 

_X_NO | If no, proceed to question 7.j 

YES 
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a. Does the sysiem/projeet support criminal, CT, or FC1 investigations or 
assessments? 

_NO 

__ YES f I f yes, proceed to question 7.) 

b. Are subjects of information from whom the information is directly collected 
provided a written Privacy Act (e)(3) statement (either on the collection form or via a 
separate notice)? 

___ NO {The program wilt need to work with PCLU to develop/implement 
the necessary form(s).] 

_YES Identify any forms, paper or electronic, used to request such 

information from the information subject: 

7. Are Social Security Numbers (SSNs) collected maintained or disseminated from the 
system/project? Full SSNs should only be used as identifiers in limited instances. 

_ NO _x_ YES If yes, check ail that apply: SSNs are not collected 

by the FACE Services Unit; however, SSNs may be associated with both probe and 
candidate photos. 

_ SSNs are necessary to establish/confirm the identity of subjects, victims, 

witnesses or sources in this law enforcement or intelligence activity, 

__ SSNs are necessary to identify FBI personnel in this internal administrative 
system. 

X_SSNs are important for other reasons. Describe: SSNs assist with the 

accurate identification of subjects of law enforcement investigations. 

The system/project provides special protection to SSNs (e.g.. SSNs are 
encrypted, hidden from all users via a look-up table, or only available to certain 
users). Describe; 

_It is not feasible for the system/project to provide special protection to 

SSNs. Explain: 

8. Is the system operated by a contractor? 

.X.No. 
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_ Yes. Information systems operated by contractors for the FBI may be 

considered Privacy Act systems of records. The Federal Acquisition Regulation 
contains standard contract, clauses that must be included in the event the system 
collects, maintains or disseminates P1I and additional requirements may be 
imposed as a matter of Department of Justice policy. Consultations with the 
Office of foe General Counsel may be required if a contractor is operating the 
system for the FBI. 

9. Has the system undergone Certification & Accreditation (C&A) by the FBI 
Security Division (SecD)? 

X_NO If no, indicate reason; if C&A is pending, provide anticipated 

completion date: The FACE Sendees Work Log has not 
undergone C & A; however, foe federal databases searched by the FACE Sendees 
Unit have undergone C & A. 

YES If yes, please indicate the following, if known: 

Provide date of last C&A certification/re-certification: 

Confidentiality:_Lew r _JVf ©derate ___High ^Undefined 

Integrity: _Low_Moderate_High_Undefined 

Availability: _Low_Moderate_High_Undefined 

__ Not applicable - this system is only paper-based. 

10. Does the system conduct data mining as defined in Section 804 ofthe^ 
Implementing Recommendations of the 9/11 Commission Act of 2007, P.L. 110- 
53 (codified at 42 USC 2000ee-3)? 

X NO 

_ YES If yes, please describe the data mining function: 

11. Is this a national security system (as determined by foe SecD)? 

X NO _.YES 


12. Status of System/ Project: 

. X This is a new system/ project in development. 
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II. EXISTING SYSTEMS / PROJECTS 
L When was the system/project developed? 

2. Has the system/project undergone any significant changes since April IT 2003? 

__ NO [If no. proceed to next question (11.3).] 

__ YES If yes, indicate which of the following changes were involved (mark all 
changes that apply, and provide brief explanation for each marked change): 

_____ A conversion from paper-based records to an electronic system. 

A change from information in a format that is anonymous or non- 
identifiable to a format that is identifiable to particular individuals. 

A new use of an IT system/project, including application of a new 
technology, that changes how information in identifiable form is managed. 
(For example, a change that would create a more open environment and/or 
avenue for exposure of data that previously did not exist.) 

A change that results in information in identifiable form being 
merged, centralized, or matched with other databases. 

_ A new method of authenticating the use of and access to 
information in identifiable form by members of the public 

A systematic incorporation of databases of information in 
identFfiabie fortri purchased or obtained from commercial or public sources. 

A new interagency use or shared agency function that results in 
new uses or exchanges of information in identifiable form, 

A change that results in a new use or disclosure of information in 
identifiable form. 

__ A change that results in new items of information in identifiable 
form being added into the system/project. 

Changes do not involve a change in the type of records maintained, 
the individuals on whom records are maintained, or the use or 
dissemination of information from the system/project. 

Other [Provide brief explanation]; 
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3. Does a PI A for this system/project already exist? 

_NO ..YES 

If yes: 

a. Provide date/title of the PIA: 

b. Has the system/project undergone any significant changes since the PIA? 

_NO _YES 
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! The system, niay contain Federal records whether or not is. co-mains Privacy Act. requests and, m my evem, a records 
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FBI. PRIVACY THRESHOLD ANALYSIS (PTA) 

\*M* >! vys fm ko I M 1 Vichwo I'cNjuge «0t& ^ :> race 


SikR 4 m \mqut \v*t ID \ » * ro^sK U' oU-uAVNi svwn sn t ecostet 


Rer N A Fibre: 

SVSTF.M PROiFrT POT_ 

1 B1 OGC PC I i PCK 

OMsiliM IV; 

i Name: SlTSl 1 

Name: AG(1 1 

Reason: 

1 Program Office: DSSli 

1 1 

Beeteasify On 

I Dt vision IT SO 

Room Number: ' -id JH l 


' f 1 



| Room Number: IB;64 



FBI DIVISION INTERMEDIATE APPROVALS as v'w v ^ »s»st ^ C 

Bhisteo potkvj_____ 



hogmm Manager i or other appropriate 
..g^tjvg p PivAion detennmes)_ 

Do. -■ o Privacy Otticcr 

1-1 i 

Program Divas-*: 

; information Ivclmuk^v 

Signature:! 

Omcvtened. no.^uA^ 

Signature:!,, ,, WJ , „—,—„-1 j 

Date sinned:" &M/, ^ 1 

; Services DIvAum 

Name! j 

Name.l | 

OTSD) 

Title: Unh Chief, Directory Services 

Support tin it 

Htie: Ink Chiek Vulnerability A j 

Compliance Support Unit ; 

FB.IHO Divirion: 

Signature: 

'Vee mgneo 

Name: 

One 1 v \ s 

Signature. | 

Date Acne i. 

Name: j 

Title: 1 


After All d'teteksa forvyierd tepnki teml oopv Assveteeteimte eogv to Fill 

OLL/FCFU: FIFO isfe 

i t he FBI: Priv.m v etui i >F \ Officer's \ ' ' ' \ s \ it Oog, ' : d approval 

lAt ft recorded or the A hem mg p|p; : p 
















FINAL FBI APPROVAL / DETERMINATION'S / CXlNTflTIONN: 


PIA is required by the fl-Government .Act. 

Pi A is to be completed as a matter of FBl/DOi <Hoc jxAU.;;s. 

is F; A to bo published on FBi.GOV • after any RMD FOIA redactions}? .Yes. .No pndleate reason!: 

X Pi A is not required for the following reason(s): 

System does riot collect, maintain. or disseminate PH, 

System is grandfathered no evidence he lore 40 7/2003: -to later changes posing significant privacy risks!. 
X information in the system relates to Internal government operations. 

System lias been previously assessed under at; evaluation saunas to a PI.4. 

No significant privacy issues tor privacy issues arc unchanged n 
X Other: rXchange 2010 is part of the IT infrastructure supporting the FBiXFT Secret Foehn c network. The 
only PH maintained by hschange is user dale, collected lor Fi security purposes. The user data Is authenticated against 
FBONFFs Active Dnecturv.~ 


Applicable SOKNis): :F )j I'hpruigiiey SysHanr AetivUv innl Ataevs Rccwds. :X H-002. a complete notice of vdiicls 

Adgjast pubbsiyec! a?.64JKc4 H!JV?9; ..'. 


Notify FBI RMD/RIDS per MKXi !90.2,?? .X.No .Vc.Sec sample PC on POLL intranet website here; 

b?lp:Abo;ue.AX)/()GC/L rB/PCLI.2lbavac} C'ivdYs20l,;berties < '/D0bibrary/tor;n K/r ntloglPb-A- y ec.opd 

SGRN/SOBN tevlslon(N) required? X .No . Yes :mbmeD ro Iskms needed g 


Prepare/revise/add Privacy Act (e}; 7 s siaterocnis Car related forms? X No Yes liodicate harms aQecteai: 


RECORDS. 1 he program should consult veldt RMD to identify; resolve any Federal ramords/clec ironic records issues. 
She system may contain Federal records whethes or not it contains Privacy Act requests and. in arty event, a records 
I schedule approved by the National Archives arrd Records Adsmnlstration is necessary. PAID cat; provide advice on this 
as reel: as on compliance with requirements Far electronic Recordkeeping Certification and any necevsms updates. 
Other: 


I I Unit Chief i Signature: ,•■>>>, 

L.ktsDhuY.iPHi2Dkii..i.kPYC.i:Di ;:;: ' . \ ^ • ; / - 

| Jacqueline F. Brown. Acting Deputy Genera; Counsel j Signature: ' 

j and FBI Privacy and Civil Liberties Officer [ Date Signed'.. 




















































L INFORMATION ABOtT THE SYSTEM / PROJECT 

1, Provide a general description of the system or project f bar includes: (a) nai 
the system/projec t, including associated acronyms; (!>} structure of Bsc 
systcm/project, including interco nn ections with other projects or systems^ (e) 
put pose of the system/project; (d) nature of the kd'o rood bus in the system proj 
and how it will he used; (e) who svs!i have access to the information in the 
systcm/projcct: (f) and the manner of transmission to all users, 

Microsoft Exchange is a business-oriented e-mail server, calendaring software and 
contact manager product utilized by the FBI on the SECRET Enclave (FBI'NET >. 1 
FBI is updating from Exchange Server 200? (currently in use) to Exchange Server i 

(a) FBINET Microsoft Exchange 2010 






. X Y.F.S fit'yes* please continued 

The only PI! maintained by Exchange is user dale. collected ha 11 security purposes. T. 
user data is authenticated against PBtNET's Active Directory. 

3. Please indicate if any of the iokowine characteristics apply to the Inlormakon in the 
system about uni it ideals; Bear in mind that log-on ini on nation may identity or he 
linkable to an individual. 

; Cheek ad that apply.) 

X i he information. directly identifies speethe individuals. 

The information is intended to he used, in conjunction with oilier data dements, 
to indirectly identity specific individuals. 

.....X_ The information can be used ts> distinguish or trace an individuals identity (i.e., 

is linked or linkable to sped tie individuals).. 

itfyou marked any of the above, proceed to Quest lo.o 4. 

None of the above, if none or the above, describe why the iniormation does not 
identify specific individuals either directly or indirectly, idf you shertsed this item* 
STOP here .after providing die ryxgie:pfo1 dymoap'tknfo 

eo.nauita.nts? 

NO .X.VPS 

5. is information about United States citUens or lawfully udmitted permanent resident 
aliens retrieved horn the systesrPpmhoet by name or other personal identifier? 

NO. |If no, skip to question 7,1 

.,X.YES. ^if yes, proceed to the next $tuesfkm,l 

subject of the information? 

_X.NO | If no, proceed to qumihm ?.f 

.YES 
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x ''S Itt'sea. pS'OCOed ls» pUCOSOS'S *\| 

separate notice s? 

NO fThe program will need p> wt>rk mth PCM.' to <lo\ eh>p/irmp!etnenf 
the neee\«,urx ho s\ns' 

YES Identity am forms, paper or deuronko used to mptest such 

inihrmmon tram the information object: 

?. Are Social Security 'Numbers {SSNst collected, main mined or disseminated from the 
syete.n-/project? Full SSNs should only be used as identifier': m h:rated instances. 

.X .NO .Vi e If yes, check ah that apply: 

.SSKs are necessary to estaldish/eonirnu - he identity oi ,mb cen. vie tons, 

c loesses or sot.trees irt tins law enforcement or intelligence activity. 

.SSNs are necessary to identity Fill; personnel in thin internal 

ad mi ni strath e sea p rn. 

SSNs are important for ether reasons. 

Pesalfesu 

osy Menses icoe mwm e '^SNssy v h\ 

',\ i ."p.\v as x \ " m , \ o 

users). Describe; 

, I s o ic '\v or \ spec , ; ,' e 

SSNs.. F: spin to: 

I, 's'de sr'Ce:^'",v\ e \ : coo e 

.Yes. 

Security Division (SceDs? 














YhS s' w ' v v 

title of the O.YIB suhmmHm: 


Does the system conduct data edrdog as defined in Section S04 of the 
irnpientemtog ReconnnendatUats of the 9/1. ; C Nomnussnm /Net of 200/ 
S3 (eodi.fted at 42 !/SC... 2000oc--3f? 
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. 0 , * \|S|IV X v\MI Mh «'*OU v ' ^ 


1. When was the syxtem/proieci developed? Exchange 2010 is on updated version of 
Exchange 2007. Exchange 20(5? eve: deployed August 12. 2(509. 

1\0 Ilf no, proceed to next question (11.3.;. 1 

;.X.YES If yes, indicate which of the following changes were involved (mark af! 

dsmtges that apply, ami provide hrlef esplanatdott for each marked changed 

A conversion freon paper-based records to art electronic system. 

A change thorn information in a format that is anonymous or non- 
idcmHIuhic to n tbnnaf that is identifiable to particular indivulmds. 

A new rtse of an IT syatem/proieei. including application of a nose 
technology, that changes inns mtdrmadon in idem!noble idem is managed, 
(for example, a change that would create a mow open environment and/or 
avenue Par exposure of data that previously did not exist..; 

A change thru results in mrbrrnauon in Idtmtifablo form being 
merged, ccotrab/ed or matched with other databases. 

A new method of authenticating the use of arid access to 
information in idenPlioble form by members off.be public. 

A systematic incorporation of databases of info? mat km in 
identifiable (mint purchased or obtained thorn eomsnereial or public sources. 

A ;tew Interagency use or shared agency function that results in 
new uses or exchanges of information in idemiliable 'f irm. 

A change that results in a new use or disclosure of inidnnabon in 
identifiable form. 

A change that results in new items of mtormaPoo in identifiable 
form lacing added into the systcmgwojecv 

.X.Changes do trot involve a damage in the ty pe of records maintained. 

the individuals on whom records are maintained, or the use or 
dissemination of inlonnadon from the systcm/proiect. 

.Other: 'fids project consists of-mooting the existing FBI's e-mail 

exchange ihnm Yticrosrdi Exchange 20(5? to Exchange /(tit;. Both systems 
















































IRAU/pCLO (ohowine hi A uihmoGoti The PT.A drafter should skip t o the next page and uonUnued.. 


Pi A. is sxxrnired by the jhAkn-suannesr; Act 
'.1 x " u t\ snog k mb o a none- pi i DO; ..^wus n. 
is Pi A to be published on Fisl.GOV Carter any RAID POIA redaction)? .Yes.. .No (mdicate reason): 


A^ Pi A is no; required tor the hollowing rcasoutsr. 

System does wot collect mabtfahn or disseminate Pit 

' System Is grandfathered (m existence before 4/1772003; nofi|l,r changes posing signbkans. privacy risks) 
X In bo owl ion In the cyst cm rsiates to internal govern mem operations. 

System has been previously wo eased tinder an evaluation similar to a Pi A. 

No sigobreaot privacy issrtes (or privacy issues are unchanged). 


Applicable SORN(sr , > ,t ap .RIF .JN.i/7> 

- Act 

^OtfifA' Y>.xoAFo.w 


Notify FBI RMD/RIDS per MIOG IPO 2.3 f J 

Nfo \ 

wuAee sample fIC on PCLG mtra 

ee.Wpd 

' 'Yx- ^ , A_ X ° 

Yes (Itnll 

ote .revisions needed): 


Prepare.:revise, as;;.; .m octey Act iepo) sunentetto 

for related forms ? .y No Aestutdrenn 

;.o; tits S;.;ecme 1. 

: RECORDS, The program should consult v. ah Rxtn to Identity resolve arty Federal records elceowtle records hones. 

the system may eontnlt; Federal records whether or not It contains Privacy Act requests and, in any event, a records 
i schedule approved by the National Archives arid Records Administration Is necessary. RAID cart provide advice on tills 
i as red; as on. compliance with reonnernents lor Lieetronlc Hccordkecome Certilxaumn and arty necessary updates 

1 Other: 




|l hilt Chief 

Sicnanne: 



Privacy and Civil Liberties Unit 

Date bmueu 


James J. Larsdon, Deputy Genera! Counsel 

FBI Privacy and Civil Liberties Officer 

Sagnatore: 

: ' ' A Am. ,A w. 
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1, INFORMATION ABOVT THE SYSTEM / PROJECT 


L Frovtde a general description of the system or project that ineitnks; (a) 
s»t of the svstm/projeet* indudhsg associated neroaytttsj {!>) structure of 
the systeahprojerh metrdiag ittlercoimectttms with other projects or m stems: 
fe) purpose of the system/ptojeet; (d) nature of the information in the 
system/pimjeef and how it will he used; (e) who will hare seem to the 

hi the syatent/projeei? (f) hod the manner of transmission to oil 

users. 

a 1 v nat v o ibis projet >* ipiL yak \e xe yjnt N n >rsAAs sotmore 
upgrade". I his is a COTS product made by Finest, Ire I his Pi' \ applies only to the 
\A sothvaro upgrade »>n F BIN FT kenpH ogle A \ \oider \eratmn \sas hatulled on 
FBIHET more than, one year ago. 

I b7E 


2 v N n - s esystet ifectco „s>. m * \ a sse steooyiofermali ,x it 

mdmdwds (ie., almamn being or natural person, regardless of natkmalily}'? 

_X._NO 

SeriptLogie \ A does not collect, maintain, or disseminate any mfermahon about 
k N airman being or r arson, reg ess io ' , «g 


epic.org 


14-06-04-FBI-FOIA-20150417-5th-Production 


EPIC-1203 








epic.org 


14-06-04-FBI-FOIA-20150417-5th-Production 


EPIC-1204 











X? [The pr>-igry m ndl a> ^(»rk vsPh PC 1.1' ry dc%ylo|>/msp>k>uies>? 
thy Bs«§iw .fermlXCI 


YES tde&tih am forms or eteuYyuk, used u> mpest suck 
mCornt:dum from the utformatmu smCh^P 



KG Y« S <hevk all that apph ' 
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tu 'sxunMk w\ i\ v -x hat ohm tv vh c\\ 
collects, maintains or disseminates .PI f. and additional requirements may be 
itnpossd ax a matter ofltej^rtmem or J ostler policy. Cor euhaunnx v* ah the 
Office of the General Counsel may be required if a contractor is operating the 
system for the FBI, 

f, \ Lr r e v\o n \ % ' s, t ort>i\ o < A \uw tino v O\ L K v f'Bf 
Security Division tSecDI? 

__ \t > It on, indicate reason; if < <& \ is pending, pesoide anticipated 

completion date. 

Yf v If > es, please Indicate the follow tog, If know n; 

Pmn ids.' date of last C\% \ ccrttlication/rc-ccrtifleation; 

I 'onfuk'niialny:_1 on._Moderate 11 igb 1 mfefmad 

Integrity: _Low Moderate High i odefsned 

As ailabillty; _Low Moderate High Undefined 

Not applicable • tins system is only paper-based. 
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! 0. Does the system conduct dais. raming ak defined in Section 804 of the 

moOeooeoDoe -o' the i . > v or or. -000 \m {* 2 f”' 1 ; ' so- 

52 D; '*''00 * OvX : V\e-' 

. NO 

' 5 \ It ses, please describe the dene missing ftmeiiom 

1 1. I s tins a national security system (as determined by the SeeD)? 

.NO .YES 

12. Staffs of System/ Project; 

This is a new system/ prefect r development f IT yon cheeked this block, 
STOP, The PTA is oaro complete sod alter dP boost approtaltyl shonhl he 
sohmkted to FBI OGC.VPC'l it for ftmtl FBI approval and determination If 
PI A anther other actions are reptbmU 


II. EXISTING SYSTEMS / PROJECTS 
1 . When was the system/project developed? 

2 \ v ^ Sv^ o o o v\ oooe y ».e " 2 V' 

NO I if 00. proceed u> next question DID f \ 


YEN l: >4.0. o * u w D' too owl $ oh 'xswov evoked t*m,x o' 
changes that apply, and provide brief explanation for each marked changer 

V com.', rsfon from paper-based mco ds m or eiee*mn c system 

____ A change from mhmmsUon in a formal that Is anonymous or non- 

identifiable 50 a format that is idem! liable to particular a mo iduols 

A mm a so of.."; 11 at stem per 000 foe lading on a hoot Do \ 0 ttev. 
technology, that changes how information in identifiable form is managed, 
tbm example, o eh ox th.ai would crn.ae a more open 00v aerne u and et 
avenue tm exposure oi lata that prevtout y did tin t exist) 

A ebaape tbot m\n'w * uudrot-omr m '.dentitiable form befog 
nvmod centrals, vl. m snatched vn k othc" dtanuxov's 
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A new method of authenticating the use of end access to 
information in MentdhHe sbmt b\ metres ro of fie public 

A systematic incorporation of databases of inlormodoo in 
okiititld'-e ios!': purchased or obtained from eommereia] or public sources. 

A oco' interagency use or shared agency function d-at results l-i 
new uses or e\chances o! infonnauon in identtiublc form. 

A chanpe that resuhs nr a new use m doctosun; ot' itc omvepen in 
sdeotidchie then 

___ \ ''honcc 'Jtat mono in neve e w m os ut in John'c 

form being added into the system/prcyect. 

Changes do not involve a change in the type of records maintained, 
the naio ion 5 s -mi whmn record'-' are nta mane A m the use o 
dxseenonctnn; of nunnunhoo Item the cistern ounceh 

^ „ Other f Provide brief evpianaiiooh 

3. Does a PI A &r this system/project already exist? 

.NO .YES 

Iff ex: 

a. Provide daie/tifle of the PI At 

c oho the system protect undergone any signdtesm changes so tee tee Pi \ 

N< > ? iiS 


11 he P i A is now eotnpim nod after division uppers ntfsl should he so bonded to 
I B1 OGC /IN 1,1 ho final FBI approve! and determination if Ef \ nob s>r other 
actions ore rexptireth] 
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